AV8/Malwareinfolist virus affected computer


Post by garlav on Fri 22 Oct 2010, 12:03 pm

Hi there,
I am helping a friend fix their desktop Windows XP Pro PC and I've done everything possible to my knowledge to try and resolve the problem... The problem being that when Internet Explorer is opened up, it displays malwareinfolist, blocking me from going to any website. I'm sure you guys are very familiar with this, but I really would have thought that after ComboFix and Malwarebytes it would have been resolved.

I have logs from OTL and also combofix. Please help!

Thanks, Gary

OTL Log:
OTL logfile created on: 10/21/2010 8:54:22 PM - Run 1
OTL by OldTimer - Version 3.2.16.0 Folder = D:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

247.00 Mb Total Physical Memory | 110.00 Mb Available Physical Memory | 45.00% Memory free
606.00 Mb Paging File | 282.00 Mb Available in Paging File | 47.00% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 64.96 Gb Free Space | 85.11% Space Free | Partition Type: NTFS
Drive D: | 3.74 Gb Total Space | 3.72 Gb Free Space | 99.61% Space Free | Partition Type: FAT32

Computer Name: ADAM-5FF9O2HLJD | User Name: Adam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/10/21 20:51:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\OTL.com
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/04/29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/10/13 19:56:16 | 000,126,976 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe
PRC - [2005/08/24 16:01:04 | 000,122,368 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\McTskshd.exe
PRC - [2005/08/11 22:02:44 | 000,053,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\VSO\oasclnt.exe
PRC - [2005/08/10 12:49:20 | 000,163,840 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\VSO\mcvsshld.exe
PRC - [2005/08/10 11:22:02 | 000,221,184 | ---- | M] (McAfee Inc.) -- c:\Program Files\McAfee.com\VSO\McShield.exe
PRC - [2005/07/08 18:16:16 | 000,483,328 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\VSO\McVSEscn.exe


========== Modules (SafeList) ==========

MOD - [2010/10/21 20:51:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- D:\OTL.com
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2005/09/26 18:12:52 | 000,098,304 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\VSO\McVSSkt.Dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2005/10/13 19:56:16 | 000,126,976 | ---- | M] (McAfee, Inc) [Auto | Running] -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe -- (McDetect.exe)
SRV - [2005/08/24 16:01:04 | 000,122,368 | ---- | M] (McAfee, Inc) [Auto | Running] -- c:\Program Files\McAfee.com\Agent\McTskshd.exe -- (McTskshd.exe)
SRV - [2005/08/10 11:22:02 | 000,221,184 | ---- | M] (McAfee Inc.) [Auto | Running] -- c:\Program Files\McAfee.com\VSO\McShield.exe -- (McShield)
SRV - [2005/07/01 19:22:50 | 000,245,760 | ---- | M] (McAfee, Inc) [On_Demand | Stopped] -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe -- (mcupdmgr.exe)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Adam\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2005/08/10 11:22:10 | 000,114,464 | ---- | M] (McAfee Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\naiavf5x.sys -- (NaiAvFilter1)
DRV - [2003/04/25 00:48:02 | 000,730,092 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [You must be registered and logged in to see this link.] [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [You must be registered and logged in to see this link.] [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/09/07 15:02:45 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/10/21 20:23:31 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (McAfee VirusScan) - {BA52B914-B692-46c4-B683-905236F6F655} - c:\Program Files\McAfee.com\VSO\mcvsshl.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Ask Toolbar) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL File not found
O4 - HKLM..\Run: [MCAgentExe] c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc)
O4 - HKLM..\Run: [MCUpdateExe] c:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc)
O4 - HKLM..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe (McAfee, Inc.)
O4 - HKLM..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe (McAfee, Inc.)
O4 - HKLM..\Run: [VSOCheckTask] C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe (McAfee, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} [You must be registered and logged in to see this link.] (Support.com Configuration Class)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [You must be registered and logged in to see this link.] (Office Genuine Advantage Validation Tool)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.243.0.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Adam\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Adam\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/11 19:55:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/20 23:19:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/10/20 22:48:24 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Adam\Recent
[2010/10/20 22:41:50 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/10/20 22:26:23 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/10/20 22:22:53 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/10/20 22:22:51 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/10/20 22:22:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/10/20 22:22:50 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/10/20 22:21:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/20 22:18:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/20 22:07:17 | 000,000,000 | ---D | C] -- C:\14014c253c9bcdd36f7aaf04a7
[2010/10/20 21:46:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam\Desktop\backups
[2010/10/20 21:44:52 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Adam\Desktop\HijackThis.exe
[2010/10/20 21:37:20 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/10/20 21:37:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/10/20 21:37:20 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/10/20 21:37:20 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/10/20 20:44:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam\Application Data\Malwarebytes
[2010/10/20 20:44:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/10/20 20:44:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/10/20 20:44:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/20 20:44:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/10/20 20:39:07 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/10/20 19:20:32 | 000,000,000 | ---D | C] -- C:\Program Files\PC Cleaner
[2010/10/19 20:41:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/10/19 10:28:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/10/18 22:28:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam\Local Settings\Application Data\Temp
[2010/10/14 12:42:04 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/10/14 12:42:03 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/10/14 12:41:54 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/10/06 17:09:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Adam\My Documents\elizabeth's documents
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/21 20:33:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/21 20:24:38 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/21 20:23:31 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/21 20:22:47 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/21 20:22:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/21 19:53:12 | 003,882,521 | R--- | M] () -- C:\Documents and Settings\Adam\Desktop\ComboFix.exe
[2010/10/21 15:07:44 | 000,384,000 | ---- | M] () -- C:\Documents and Settings\Adam\Desktop\TCU.doc
[2010/10/21 06:26:20 | 000,000,004 | -H-- | M] () -- C:\WINDOWS\System32\iexplore.sy_
[2010/10/20 22:43:06 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/10/20 21:44:53 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Adam\Desktop\HijackThis.exe
[2010/10/20 20:44:28 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/20 19:03:05 | 000,000,221 | ---- | M] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2010/10/19 20:42:44 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/16 14:36:57 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\Adam\Desktop\BEGINNING 7-8.doc
[2010/10/16 14:28:52 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Adam\Desktop\BEGINING 5-6.doc
[2010/10/16 14:26:48 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\Adam\Desktop\BEGINNING 3-4.doc
[2010/10/16 13:56:54 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Adam\Desktop\BEGINNING 1-2.doc
[2010/10/14 21:28:25 | 000,258,248 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/21 19:54:42 | 003,882,521 | R--- | C] () -- C:\Documents and Settings\Adam\Desktop\ComboFix.exe
[2010/10/21 06:26:20 | 000,000,004 | -H-- | C] () -- C:\WINDOWS\System32\iexplore.sy_
[2010/10/20 22:43:04 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/10/20 22:42:29 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/10/20 22:22:54 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/20 22:22:51 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/10/20 22:22:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/10/20 22:22:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/10/20 22:22:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/10/20 20:44:28 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/20 19:03:05 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2010/10/20 18:52:54 | 000,384,000 | ---- | C] () -- C:\Documents and Settings\Adam\Desktop\TCU.doc
[2010/10/19 20:42:44 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/10/11 12:45:45 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Adam\Desktop\BEGINNING 7-8.doc
[2010/10/11 12:45:21 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Adam\Desktop\BEGINING 5-6.doc
[2010/10/11 12:45:00 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\Adam\Desktop\BEGINNING 3-4.doc
[2010/10/11 12:44:33 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Adam\Desktop\BEGINNING 1-2.doc
[2010/07/04 14:25:40 | 000,000,035 | ---- | C] () -- C:\WINDOWS\Blink.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/02/28 14:38:44 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Adam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/11 21:18:55 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/07/11 21:17:29 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll
[2007/07/11 21:17:28 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2007/07/11 21:05:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/07/11 15:47:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/02/03 06:26:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< ComboFix 10-10-21.01 - Adam 10/21/2010 20:09:04.1.1 - x86 >
Invalid Switch: 2010 20:09:04.1.1 - x86


< Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.247.131 [GMT -4:00] >

< Running from: c:\documents and settings\Adam\Desktop\ComboFix.exe >

< AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} >

< * Resident AV is active >

< >

< . >

< >

< ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) >

< . >

< >

< c:\windows\system32\lsp624.dll >

< c:\windows\system32\taskcgr.exe >

< >

< . >

< ((((((((((((((((((((((((( Files Created from 2010-09-22 to 2010-10-22 ))))))))))))))))))))))))))))))) >

< . >

< >

< No new files created in this timespan >

< >

< . >

< (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) >

< . >

< . >

< >

< ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) >

< . >

< . >

< *Note* empty entries & legit default entries are not shown >

< REGEDIT4 >

< >

< [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] >

~[Filtered]~

< >

< [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] >

~[Filtered]~

< "VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 151552] >

< "VirusScan Online"="c:\program files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 163840] >

< "MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104] >

< "MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 212992] >

< "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152] >

< "OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-12 53248] >

< "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] >

< "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760] >

< "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] >

< >

< c:\documents and settings\All Users\Start Menu\Programs\Startup\ >

< HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624] >

< >

< [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus] >

< "DisableMonitoring"=dword:00000001 >

< >

< [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] >

< "EnableFirewall"= 0 (0x0) >

< >

< [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] >

< "%windir%\\system32\\sessmgr.exe"= >

< "%windir%\\Network Diagnostic\\xpnetdiag.exe"= >

< >

< S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/13/2010 6:21 PM 136176] >
Invalid Switch: 2010 6:21 PM 136176]


< . >

< Contents of the 'Scheduled Tasks' folder >

< >

< 2010-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job >

< - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-13 22:21] >

< >

< 2010-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job >

< - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-13 22:21] >

< . >

< . >

< ------- Supplementary Scan ------- >

< . >

< uStart Page = [You must be registered and logged in to see this link.] >
Invalid Switch:


< IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 >

< . >

< - - - - ORPHANS REMOVED - - - - >

< >

< HKLM-Run-IgfxTray - c:\windows\System32\igfxtray.exe >

< HKLM-Run-GMorphCl - c:\windows\system32\taskcgr.exe >

< AddRemove-ShockwaveFlash - c:\windows\System32\Macromed\Flash\FlashUtil9c.exe >

< >

< >

< >

< Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.] >
Invalid Switch: [You must be registered and logged in to see this link.]


< >

< device: opened successfully >

< user: MBR read successfully >

< called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x81275566]<< >

< kernel: MBR read successfully >

< detected MBR rootkit hooks: >

< \Driver\Disk -> CLASSPNP.SYS @ 0xf95d1f28 >

< \Driver\ACPI -> ACPI.sys @ 0xf9544cb8 >

< \Driver\atapi -> atapi.sys @ 0xf94d6852 >

< IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615 >

< ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac >

< \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615 >

< ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac >

< NDIS: Intel(R) PRO/100 VE Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf93e2bb0 >
Invalid Switch: 100 VE Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf93e2bb0


< PacketIndicateHandler -> NDIS.sys @ 0xf93efa21 >

< SendHandler -> NDIS.sys @ 0xf93cd87b >

< user & kernel MBR OK >

< >

< ************************************************************************** >
[2010/09/28 18:01:38 | 000,029,184 | ---- | M] () -- \SUBSTANCE ABUSE.doc
[2010/09/30 17:55:48 | 000,037,888 | ---- | M] () -- \SUBSTANCE ABUSE 7 and 8- for merge.doc
[2010/10/05 16:23:50 | 000,013,217 | ---- | M] () -- \Beg.Rec. 2.docm
[2010/10/16 14:36:58 | 000,034,816 | ---- | M] () -- \BEGINNING 7-8.doc
[2010/09/19 12:39:16 | 000,021,504 | ---- | M] () -- \CCRI-EXTRA HOURS TIMESHEET LOG.doc
[2010/09/20 17:40:18 | 000,033,792 | ---- | M] () -- \FUNCTIONAL ASSESSMENT.doc
[2010/09/08 20:10:28 | 000,034,304 | ---- | M] () -- \FUNCTIONAL ASSESSMENT PART II.doc
[2007/10/22 13:41:30 | 000,020,992 | ---- | M] () -- \humble brother.doc
[2010/09/01 18:23:06 | 000,020,480 | ---- | M] () -- \Intership II.doc
[2010/05/27 17:23:16 | 000,025,088 | ---- | M] () -- \John G.doc
[2010/09/09 11:47:26 | 000,044,544 | ---- | M] () -- \Mental Status Exam.doc
[2010/06/09 15:32:38 | 000,023,040 | ---- | M] () -- \Sample Resume.doc
[2010/09/05 11:42:22 | 000,096,256 | ---- | M] () -- \Scheduled payments.doc
[2010/10/20 18:52:56 | 000,384,000 | ---- | M] () -- \TCU.doc
[2009/05/20 16:30:58 | 000,021,504 | ---- | M] () -- \admin. of justice.doc
[2010/10/16 14:28:54 | 000,030,720 | ---- | M] () -- \BEGINING 5-6.doc
[2010/10/16 13:56:56 | 000,033,792 | ---- | M] () -- \BEGINNING 1-2.doc
[2010/10/16 14:26:50 | 000,034,816 | ---- | M] () -- \BEGINNING 3-4.doc
[2010/10/06 17:12:52 | 000,019,968 | ---- | M] () -- \BEG.REC.2.doc
[2010/10/06 17:15:22 | 000,019,968 | ---- | M] () -- \BEG.REC.5&6.doc
[2010/10/06 17:14:32 | 000,019,968 | ---- | M] () -- \BEG.REC. 7 and 8- for merge.doc
[2010/10/06 17:15:56 | 000,019,968 | ---- | M] () -- \BEGINNING RECOVERY.doc
[2010/10/06 17:18:16 | 000,019,968 | ---- | M] () -- \Case #1.doc
[2010/10/06 17:16:26 | 000,019,968 | ---- | M] () -- \Ethical.doc
[2010/10/06 17:18:38 | 000,019,968 | ---- | M] () -- \Internship.doc
[2010/10/06 17:10:38 | 000,034,304 | ---- | M] () -- \LEARNING LOG.doc
[2010/10/06 17:09:08 | 000,025,600 | ---- | M] () -- \LEARNING LOG-3.doc
[2010/10/11 14:25:32 | 000,028,672 | ---- | M] () -- \LEARNING LOG 4.doc
[2010/10/06 17:17:22 | 000,019,968 | ---- | M] () -- \SELF INVENTORY OF ATTITUDES RELATING TO ETHICAL ISSUES.doc
[2010/10/06 17:17:52 | 000,019,968 | ---- | M] () -- \SUBSTANCE ABUSE-1.doc
[2010/10/06 17:11:42 | 000,026,112 | ---- | M] () -- \SUBSTANCE ABUSE-syllabus.doc
[2010/10/11 13:24:16 | 000,021,504 | ---- | M] () -- \TPCDS.doc
[2010/10/20 22:05:28 | 011,701,704 | ---- | M] () -- \windows-kb890830-v3.12.exe
[2010/10/20 22:22:06 | 001,187,896 | ---- | M] () -- \ccsetup236.exe
[2010/10/20 22:48:32 | 000,364,032 | ---- | M] () -- \rkill.com
[2010/10/21 20:42:28 | 000,005,808 | ---- | M] () -- \log.txt
[2010/10/21 20:51:08 | 000,575,488 | ---- | M] () -- \OTL.com
[2010/10/21 20:52:36 | 000,001,021 | ---- | M] () -- \log2.txt

< . >

< --------------------- DLLs Loaded Under Running Processes --------------------- >

< >

< - - - - - - - > 'winlogon.exe'(644) >

< c:\windows\system32\WININET.dll >
[2010/09/10 01:58:08 | 000,916,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wininet.dll
[2 c:\windows\system32\*.tmp files -> c:\windows\system32\*.tmp -> ]

< >

< - - - - - - - > 'lsass.exe'(704) >

< c:\windows\system32\WININET.dll >
[2010/09/10 01:58:08 | 000,916,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wininet.dll
[2 c:\windows\system32\*.tmp files -> c:\windows\system32\*.tmp -> ]

< >

< - - - - - - - > 'explorer.exe'(3860) >

< c:\windows\system32\WININET.dll >
[2010/09/10 01:58:08 | 000,916,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wininet.dll
[2 c:\windows\system32\*.tmp files -> c:\windows\system32\*.tmp -> ]

< c:\progra~1\mcafee.com\vso\McVSSkt.dll >
[2005/09/26 18:12:52 | 000,098,304 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\VSO\McVSSkt.Dll

< c:\windows\system32\ieframe.dll >
[2010/09/10 01:58:05 | 011,080,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ieframe.dll
[2 c:\windows\system32\*.tmp files -> c:\windows\system32\*.tmp -> ]

< c:\windows\system32\webcheck.dll >
[2009/03/08 04:34:48 | 000,236,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\webcheck.dll
[2 c:\windows\system32\*.tmp files -> c:\windows\system32\*.tmp -> ]

< . >

< ------------------------ Other Running Processes ------------------------ >

< . >

< c:\program files\Java\jre6\bin\jqs.exe >
[2010/09/15 04:50:54 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- c:\Program Files\Java\jre6\bin\jqs.exe

< c:\program files\mcafee.com\agent\mcdetect.exe >
[2005/10/13 19:56:16 | 000,126,976 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\Mcdetect.exe

< c:\progra~1\mcafee.com\vso\mcshield.exe >
[2005/08/10 11:22:02 | 000,221,184 | ---- | M] (McAfee Inc.) -- c:\Program Files\McAfee.com\VSO\McShield.exe

< c:\progra~1\mcafee.com\agent\mctskshd.exe >
[2005/08/24 16:01:04 | 000,122,368 | ---- | M] (McAfee, Inc) -- c:\Program Files\McAfee.com\Agent\McTskshd.exe

< c:\progra~1\mcafee.com\vso\OasClnt.exe >
[2005/08/11 22:02:44 | 000,053,248 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\VSO\oasclnt.exe

< c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe >
[2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

< c:\progra~1\mcafee.com\vso\mcvsescn.exe >
[2005/07/08 18:16:16 | 000,483,328 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\VSO\McVSEscn.exe

< c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE >
[2009/08/18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

< c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe >
[2009/08/18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

< c:\windows\system32\wscntfy.exe >
[2008/04/13 20:12:41 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2 c:\windows\system32\*.tmp files -> c:\windows\system32\*.tmp -> ]

< c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe >
[2005/05/12 00:40:38 | 000,204,800 | ---- | M] (Hewlett-Packard Co.) -- c:\Program Files\HP\Digital Imaging\bin\hpqste08.exe

< . >

< ************************************************************************** >
[2010/09/28 18:01:38 | 000,029,184 | ---- | M] () -- \SUBSTANCE ABUSE.doc
[2010/09/30 17:55:48 | 000,037,888 | ---- | M] () -- \SUBSTANCE ABUSE 7 and 8- for merge.doc
[2010/10/05 16:23:50 | 000,013,217 | ---- | M] () -- \Beg.Rec. 2.docm
[2010/10/16 14:36:58 | 000,034,816 | ---- | M] () -- \BEGINNING 7-8.doc
[2010/09/19 12:39:16 | 000,021,504 | ---- | M] () -- \CCRI-EXTRA HOURS TIMESHEET LOG.doc
[2010/09/20 17:40:18 | 000,033,792 | ---- | M] () -- \FUNCTIONAL ASSESSMENT.doc
[2010/09/08 20:10:28 | 000,034,304 | ---- | M] () -- \FUNCTIONAL ASSESSMENT PART II.doc
[2007/10/22 13:41:30 | 000,020,992 | ---- | M] () -- \humble brother.doc
[2010/09/01 18:23:06 | 000,020,480 | ---- | M] () -- \Intership II.doc
[2010/05/27 17:23:16 | 000,025,088 | ---- | M] () -- \John G.doc
[2010/09/09 11:47:26 | 000,044,544 | ---- | M] () -- \Mental Status Exam.doc
[2010/06/09 15:32:38 | 000,023,040 | ---- | M] () -- \Sample Resume.doc
[2010/09/05 11:42:22 | 000,096,256 | ---- | M] () -- \Scheduled payments.doc
[2010/10/20 18:52:56 | 000,384,000 | ---- | M] () -- \TCU.doc
[2009/05/20 16:30:58 | 000,021,504 | ---- | M] () -- \admin. of justice.doc
[2010/10/16 14:28:54 | 000,030,720 | ---- | M] () -- \BEGINING 5-6.doc
[2010/10/16 13:56:56 | 000,033,792 | ---- | M] () -- \BEGINNING 1-2.doc
[2010/10/16 14:26:50 | 000,034,816 | ---- | M] () -- \BEGINNING 3-4.doc
[2010/10/06 17:12:52 | 000,019,968 | ---- | M] () -- \BEG.REC.2.doc
[2010/10/06 17:15:22 | 000,019,968 | ---- | M] () -- \BEG.REC.5&6.doc
[2010/10/06 17:14:32 | 000,019,968 | ---- | M] () -- \BEG.REC. 7 and 8- for merge.doc
[2010/10/06 17:15:56 | 000,019,968 | ---- | M] () -- \BEGINNING RECOVERY.doc
[2010/10/06 17:18:16 | 000,019,968 | ---- | M] () -- \Case #1.doc
[2010/10/06 17:16:26 | 000,019,968 | ---- | M] () -- \Ethical.doc
[2010/10/06 17:18:38 | 000,019,968 | ---- | M] () -- \Internship.doc
[2010/10/06 17:10:38 | 000,034,304 | ---- | M] () -- \LEARNING LOG.doc
[2010/10/06 17:09:08 | 000,025,600 | ---- | M] () -- \LEARNING LOG-3.doc
[2010/10/11 14:25:32 | 000,028,672 | ---- | M] () -- \LEARNING LOG 4.doc
[2010/10/06 17:17:22 | 000,019,968 | ---- | M] () -- \SELF INVENTORY OF ATTITUDES RELATING TO ETHICAL ISSUES.doc
[2010/10/06 17:17:52 | 000,019,968 | ---- | M] () -- \SUBSTANCE ABUSE-1.doc
[2010/10/06 17:11:42 | 000,026,112 | ---- | M] () -- \SUBSTANCE ABUSE-syllabus.doc
[2010/10/11 13:24:16 | 000,021,504 | ---- | M] () -- \TPCDS.doc
[2010/10/20 22:05:28 | 011,701,704 | ---- | M] () -- \windows-kb890830-v3.12.exe
[2010/10/20 22:22:06 | 001,187,896 | ---- | M] () -- \ccsetup236.exe
[2010/10/20 22:48:32 | 000,364,032 | ---- | M] () -- \rkill.com
[2010/10/21 20:42:28 | 000,005,808 | ---- | M] () -- \log.txt
[2010/10/21 20:51:08 | 000,575,488 | ---- | M] () -- \OTL.com
[2010/10/21 20:52:36 | 000,001,021 | ---- | M] () -- \log2.txt

< . >

< Completion time: 2010-10-21 20:33:48 - machine was rebooted >

< ComboFix-quarantined-files.txt 2010-10-22 00:33 >

< >

< Pre-Run: 69,369,040,896 bytes free >

< Post-Run: 69,736,554,496 bytes free >

< >

< - - End Of File - - D5E6690CEE9838179D1B4DD9DC1B71D4 >

< End of report >

Extras Log:
OTL Extras logfile created on: 10/21/2010 8:54:22 PM - Run 1
OTL by OldTimer - Version 3.2.16.0 Folder = D:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

247.00 Mb Total Physical Memory | 110.00 Mb Available Physical Memory | 45.00% Memory free
606.00 Mb Paging File | 282.00 Mb Available in Paging File | 47.00% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 64.96 Gb Free Space | 85.11% Space Free | Partition Type: NTFS
Drive D: | 3.74 Gb Total Space | 3.72 Gb Free Space | 99.61% Space Free | Partition Type: FAT32

Computer Name: ADAM-5FF9O2HLJD | User Name: Adam | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 22
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C0BAFCA-BDB8-492B-8845-DC0A4B4C1823}" = HPDeskjet5400Series
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{66468F4D-BC4E-470C-9093-B3B6A1BB378C}" = MSN Toolbar Platform
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{C4BA56E6-3DA9-4454-AD39-81FB11810984}" = McAfee VirusScan Professional Bonus Pack
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EB57A16E-500D-43d7-85B9-FBE279EBBA6E}" = HP Deskjet 5400 series
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe AIR" = Adobe AIR
"AskSBar Uninstall" = Ask Toolbar
"CCleaner" = CCleaner
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"HP Imaging Device Functions" = HP Imaging Device Functions 5.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mcafee SecurityCenter" = McAfee SecurityCenter
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VirusScan Online" = McAfee VirusScan
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/21/2010 2:05:41 AM | Computer Name = ADAM-5FF9O2HLJD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 10/21/2010 6:15:50 AM | Computer Name = ADAM-5FF9O2HLJD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 10/21/2010 3:12:04 PM | Computer Name = ADAM-5FF9O2HLJD | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/21/2010 3:12:04 PM | Computer Name = ADAM-5FF9O2HLJD | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/21/2010 3:12:04 PM | Computer Name = ADAM-5FF9O2HLJD | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/21/2010 3:12:04 PM | Computer Name = ADAM-5FF9O2HLJD | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 10/21/2010 3:12:55 PM | Computer Name = ADAM-5FF9O2HLJD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 10/21/2010 3:12:55 PM | Computer Name = ADAM-5FF9O2HLJD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 10/21/2010 7:41:53 PM | Computer Name = ADAM-5FF9O2HLJD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 10/21/2010 7:41:54 PM | Computer Name = ADAM-5FF9O2HLJD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 10/16/2010 10:11:06 AM | Computer Name = ADAM-5FF9O2HLJD | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 10/16/2010 10:11:06 AM | Computer Name = ADAM-5FF9O2HLJD | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 10/21/2010 7:31:26 PM | Computer Name = ADAM-5FF9O2HLJD | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Pml Driver HPZ12 service
to connect.

Error - 10/21/2010 7:31:26 PM | Computer Name = ADAM-5FF9O2HLJD | Source = Service Control Manager | ID = 7000
Description = The Pml Driver HPZ12 service failed to start due to the following
error: %%1053

Error - 10/21/2010 7:54:20 PM | Computer Name = ADAM-5FF9O2HLJD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/21/2010 7:54:24 PM | Computer Name = ADAM-5FF9O2HLJD | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm

Error - 10/21/2010 8:04:43 PM | Computer Name = ADAM-5FF9O2HLJD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 10/21/2010 8:11:31 PM | Computer Name = ADAM-5FF9O2HLJD | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 10/21/2010 8:25:08 PM | Computer Name = ADAM-5FF9O2HLJD | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Application Layer Gateway
Service service to connect.

Error - 10/21/2010 8:25:16 PM | Computer Name = ADAM-5FF9O2HLJD | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%1053


< End of report >

Combofix Log:

ComboFix 10-10-21.01 - Adam 10/21/2010 20:09:04.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.247.131 [GMT -4:00]
Running from: c:\documents and settings\Adam\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\lsp624.dll
c:\windows\system32\taskcgr.exe

.
((((((((((((((((((((((((( Files Created from 2010-09-22 to 2010-10-22 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-13 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-01-30 118784]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 151552]
"VirusScan Online"="c:\program files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 163840]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 212992]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-12 53248]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/13/2010 6:21 PM 136176]
.
Contents of the 'Scheduled Tasks' folder

2010-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-13 22:21]

2010-10-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-13 22:21]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-IgfxTray - c:\windows\System32\igfxtray.exe
HKLM-Run-GMorphCl - c:\windows\system32\taskcgr.exe
AddRemove-ShockwaveFlash - c:\windows\System32\Macromed\Flash\FlashUtil9c.exe



Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x81275566]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf95d1f28
\Driver\ACPI -> ACPI.sys @ 0xf9544cb8
\Driver\atapi -> atapi.sys @ 0xf94d6852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0615
ParseProcedure -> ntoskrnl.exe @ 0x8056c3ac
NDIS: Intel(R) PRO/100 VE Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf93e2bb0
PacketIndicateHandler -> NDIS.sys @ 0xf93efa21
SendHandler -> NDIS.sys @ 0xf93cd87b
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(644)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(704)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3860)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee.com\vso\McVSSkt.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\progra~1\mcafee.com\vso\mcshield.exe
c:\progra~1\mcafee.com\agent\mctskshd.exe
c:\progra~1\mcafee.com\vso\OasClnt.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2010-10-21 20:33:48 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-22 00:33

Pre-Run: 69,369,040,896 bytes free
Post-Run: 69,736,554,496 bytes free

- - End Of File - - D5E6690CEE9838179D1B4DD9DC1B71D4

garlav

Unborn

Posts : 1
Joined : 2010-10-22
Operating System : windows vista premium


Re: AV8/Malwareinfolist virus affected computer

Post by Belahzur on Sat 23 Oct 2010, 10:57 am

Hello.

Please download TDSSKiller from here and save it to your Desktop.

  • Double-click TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre
